def make_credentials(self, lifetime=LIFETIME):
    """Construct a ``Credentials`` object from the attributes held on ``self``.

    Only ``lifetime`` can be overridden per call. The source credentials,
    target principal, target scopes and delegate chain are always read from
    ``self``.

    :param lifetime: Value forwarded as the ``lifetime`` keyword; defaults to
        the module-level ``LIFETIME``.
    :return: The newly constructed ``Credentials`` instance.
    """
    settings = {
        "source_credentials": self.SOURCE_CREDENTIALS,
        "target_principal": self.TARGET_PRINCIPAL,
        "target_scopes": self.TARGET_SCOPES,
        "delegates": self.DELEGATES,
        "lifetime": lifetime,
    }
    return Credentials(**settings)
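def generate_jwt_token_from_impersonated_account(service_account_info: Dict[str, str], audiences: str, issuer: str,
                                                 jwt_lifetime: "int | None" = None) -> Tuple[str, int]:
    """
    Using a dictionary containing the information from a Google Cloud service account credentials file, this function
    impersonates the Company Information API master user service account and signs a JSON Web Token (JWT) used to
    authenticate the client when accessing the service.

    The returned JWT is a bearer credential: anyone holding it can authenticate as ``issuer`` until it expires, so
    callers should keep it out of logs and request the shortest lifetime that works for them.

    :param service_account_info: A dictionary containing all the information found in a Google Cloud service account
        credentials JSON file.
    :type service_account_info: Dict[str, str]
    :param audiences: The intended recipient of the JWT. Found in the Google Endpoint specification. For example, for
        the company information API, the recipient is 'company-information.api.willowlabs.ai'
    :type audiences: str
    :param issuer: The email address of the impersonated API master user service account.
    :type issuer: str
    :param jwt_lifetime: The length of time, in seconds, for which the created JWT is valid. ``None`` (the default)
        uses ``MAX_TOKEN_LIFETIME_SECS``, which is what this function always used before the parameter existed.
    :type jwt_lifetime: int
    :raises ValueError: If ``jwt_lifetime`` is not positive or exceeds ``MAX_TOKEN_LIFETIME_SECS``.
    :return: A tuple containing the JWT and a POSIX/Unix epoch-style timestamp indicating when the JWT expires.
    :rtype: Tuple[str, int]
    """
    # Reject a bad lifetime before touching any credentials, so invalid input never triggers a refresh.
    if jwt_lifetime is not None and jwt_lifetime <= 0:
        raise ValueError("jwt_lifetime must be a positive number of seconds")
    if jwt_lifetime is None:
        jwt_lifetime = MAX_TOKEN_LIFETIME_SECS
    elif jwt_lifetime > MAX_TOKEN_LIFETIME_SECS:
        # Never mint a token that outlives the module's own ceiling.
        raise ValueError("jwt_lifetime must not exceed MAX_TOKEN_LIFETIME_SECS")

    # NOTE(review): cloud-platform is a very broad scope; confirm whether the iam scope alone is
    # sufficient for the signing call so both credentials can be narrowed.
    scopes = ("https://www.googleapis.com/auth/cloud-platform",
              "https://www.googleapis.com/auth/iam")

    credentials = Credentials.from_service_account_info(service_account_info, scopes=list(scopes))
    if not credentials.valid:
        credentials.refresh(Request())

    # The source account only acts as the caller; the token is signed as ``issuer``.
    impersonated_credentials = ImpersonatedCredentials(source_credentials=credentials,
                                                       target_principal=issuer,
                                                       target_scopes=list(scopes))
    if not impersonated_credentials.valid:
        impersonated_credentials.refresh(Request())

    signer = Signer(Request(), impersonated_credentials, impersonated_credentials.service_account_email)

    now = int(time.time())
    expires = now + jwt_lifetime
    payload = {
        'iat': now,
        'exp': expires,
        'aud': audiences,
        'iss': issuer
    }
    return google.auth.jwt.encode(signer, payload).decode("utf-8"), expires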
def make_credentials(
    self,
    source_credentials=SOURCE_CREDENTIALS,
    lifetime=LIFETIME,
    target_principal=TARGET_PRINCIPAL,
    iam_endpoint_override=None,
):
    """Construct a ``Credentials`` object, letting the caller override selected inputs.

    The target scopes and the delegate chain are always read from ``self``.
    Every other input comes from the arguments.

    :param source_credentials: Forwarded as ``source_credentials``; defaults
        to ``SOURCE_CREDENTIALS``.
    :param lifetime: Forwarded as ``lifetime``; defaults to ``LIFETIME``.
    :param target_principal: Forwarded as ``target_principal``; defaults to
        ``TARGET_PRINCIPAL``.
    :param iam_endpoint_override: Forwarded unchanged as
        ``iam_endpoint_override``; ``None`` by default.
    :return: The newly constructed ``Credentials`` instance.
    """
    settings = {
        "source_credentials": source_credentials,
        "target_principal": target_principal,
        "target_scopes": self.TARGET_SCOPES,
        "delegates": self.DELEGATES,
        "lifetime": lifetime,
        "iam_endpoint_override": iam_endpoint_override,
    }
    return Credentials(**settings)